anytun.cpp

   1 /*
   2  *  anytun
   3  *
   4  *  The secure anycast tunneling protocol (satp) defines a protocol used
   5  *  for communication between any combination of unicast and anycast
   6  *  tunnel endpoints.  It has less protocol overhead than IPSec in Tunnel
   7  *  mode and allows tunneling of every ETHER TYPE protocol (e.g.
   8  *  ethernet, ip, arp ...). satp directly includes cryptography and
   9  *  message authentication based on the methodes used by SRTP.  It is
  10  *  intended to deliver a generic, scaleable and secure solution for
  11  *  tunneling and relaying of packets of any protocol.
  12  *
  13  *
  14  *  Copyright (C) 2007 anytun.org <satp@wirdorange.org>
  15  *
  16  *  This program is free software; you can redistribute it and/or modify
  17  *  it under the terms of the GNU General Public License version 2
  18  *  as published by the Free Software Foundation.
  19  *
  20  *  This program is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  You should have received a copy of the GNU General Public License
  26  *  along with this program (see the file COPYING included with this
  27  *  distribution); if not, write to the Free Software Foundation, Inc.,
  28  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  29  */
  30
  31 #include <iostream>
  32 #include <poll.h>
  33
  34 #include <gcrypt.h>
  35 #include <cerrno>     // for ENOMEM
  36
  37 #include "datatypes.h"
  38
  39 #include "log.h"
  40 #include "buffer.h"
  41 #include "plainPacket.h"
  42 #include "encryptedPacket.h"
  43 #include "cipher.h"
  44 #include "keyDerivation.h"
  45 #include "authAlgo.h"
  46 #include "authTag.h"
  47 #include "cipherFactory.h"
  48 #include "authAlgoFactory.h"
  49 #include "keyDerivationFactory.h"
  50 #include "signalController.h"
  51 #include "packetSource.h"
  52 #include "tunDevice.h"
  53 #include "options.h"
  54 #include "seqWindow.h"
  55 #include "connectionList.h"
  56
  57 #include "syncQueue.h"
  58 #include "syncSocketHandler.h"
  59 #include "syncListenSocket.h"
  60
  61 #include "syncSocket.h"
  62 #include "syncClientSocket.h"
  63 #include "syncCommand.h"
  64
  65 #include "threadParam.h"
  66
  67 #define PAYLOAD_TYPE_TAP 0x6558
  68 #define PAYLOAD_TYPE_TUN 0x0800
  69
  70 #define MAX_PACKET_LENGTH 1600
  71
  72 #define SESSION_KEYLEN_AUTH 20   // TODO: hardcoded size
  73 #define SESSION_KEYLEN_ENCR 16   // TODO: hardcoded size
  74 #define SESSION_KEYLEN_SALT 14   // TODO: hardcoded size
  75
  76 void createConnection(const std::string & remote_host, u_int16_t remote_port, ConnectionList & cl, u_int16_t seqSize, SyncQueue & queue)
  77 {
  78       // TODO: use key exchange for master key/salt
  79   uint8_t key[] = {
  80   'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
  81   'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'
  82   };
  83
  84   uint8_t salt[] = {
  85   'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h',
  86   'i', 'j', 'k', 'l', 'm', 'n'
  87   };
  88
  89         SeqWindow * seq= new SeqWindow(seqSize);
  90         seq_nr_t seq_nr_=0;
  91   KeyDerivation * kd = KeyDerivationFactory::create(gOpt.getKdPrf());
  92   kd->init(Buffer(key, sizeof(key)), Buffer(salt, sizeof(salt)));
  93   cLog.msg(Log::PRIO_NOTICE) << "added connection remote host " << remote_host << ":" << remote_port;
  94         ConnectionParam connparam ( (*kd),  (*seq), seq_nr_, remote_host,  remote_port);
  95         cl.addConnection(connparam,0);
  96   SyncCommand sc (cl,0);
  97         queue.push(sc);
  98 }
  99
 100
 101 void addPacketAuthTag(EncryptedPacket& pack, AuthAlgo* a, ConnectionParam& conn)
 102 {
 103   AuthTag at = a->calc(pack);
 104   pack.setAuthTag( at );
 105 }
 106
 107 bool checkPacketAuthTag(EncryptedPacket& pack, AuthAlgo* a, ConnectionParam & conn)
 108 {
 109   // check auth_tag and remove it
 110   AuthTag at = pack.getAuthTag();
 111   return (at == a->calc(pack));
 112 }
 113
 114 bool checkPacketSeqNr(EncryptedPacket& pack,ConnectionParam& conn)
 115 {
 116         // compare sender_id and seq with window
 117         if(conn.seq_window_.hasSeqNr(pack.getSenderId(), pack.getSeqNr()))
 118         {
 119                 cLog.msg(Log::PRIO_NOTICE) << "Replay attack from " << conn.remote_host_<<":"<< conn.remote_port_
 120                                << " seq:"<<pack.getSeqNr() << " sid: "<<pack.getSenderId();
 121                 return false;
 122         }
 123
 124         conn.seq_window_.addSeqNr(pack.getSenderId(), pack.getSeqNr());
 125         return true;
 126 }
 127
 128 void* sender(void* p)
 129 {
 130   ThreadParam* param = reinterpret_cast<ThreadParam*>(p);
 131
 132   std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher()));
 133 //  std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo()) );
 134
 135   PlainPacket plain_packet(MAX_PACKET_LENGTH);
 136   EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
 137
 138   Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR));             // TODO: hardcoded size
 139   Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT));            // TODO: hardcoded size
 140   Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH));        // TODO: hardcoded size
 141
 142   //TODO replace mux
 143   u_int16_t mux = 0;
 144   while(1)
 145   {
 146     plain_packet.setLength(MAX_PACKET_LENGTH);
 147     encrypted_packet.setLength(MAX_PACKET_LENGTH);
 148     // read packet from device
 149     u_int32_t len = param->dev.read(plain_packet.getPayload(), plain_packet.getPayloadLength());
 150     plain_packet.setPayloadLength(len);
 151
 152     std::cout << "plain_packet.getPayloadLength() = " << plain_packet.getPayloadLength() << std::endl;
 153
 154     if(param->cl.empty())
 155       continue;
 156
 157     ConnectionMap::iterator cit = param->cl.getConnection(mux);
 158                 if(cit==param->cl.getEnd())
 159                         continue;
 160                 ConnectionParam & conn = cit->second;
 161
 162     // set payload type
 163     if(param->dev.getType() == TunDevice::TYPE_TUN)
 164       plain_packet.setPayloadType(PAYLOAD_TYPE_TUN);
 165     else if(param->dev.getType() == TunDevice::TYPE_TAP)
 166       plain_packet.setPayloadType(PAYLOAD_TYPE_TAP);
 167     else
 168       plain_packet.setPayloadType(0);
 169
 170     // generate packet-key
 171     conn.kd_.generate(LABEL_SATP_ENCRYPTION, conn.seq_nr_, session_key);
 172     conn.kd_.generate(LABEL_SATP_SALT, conn.seq_nr_, session_salt);
 173
 174     std::cout << "session_key: ";
 175     std::cout << session_key.getHexDump();
 176     std::cout << "session_salt: ";
 177     std::cout << session_salt.getHexDump() << std::endl;
 178
 179
 180     c->setKey(session_key);
 181     c->setSalt(session_salt);
 182
 183     // encrypt packet
 184     c->encrypt(plain_packet, encrypted_packet, conn.seq_nr_, gOpt.getSenderId());
 185
 186     encrypted_packet.setHeader(conn.seq_nr_, gOpt.getSenderId(), mux);
 187     conn.seq_nr_++;
 188
 189         // TODO: activate authentication
 190 //    conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
 191 //    a->setKey(session_auth_key);
 192 //              addPacketAuthTag(encrypted_packet, a.get(), conn);
 193
 194     std::cout << "encrypted_packet.getLength() = " << encrypted_packet.getLength() << std::endl << std::endl;
 195
 196     param->src.send(encrypted_packet.getBuf(), encrypted_packet.getLength(), conn.remote_host_, conn.remote_port_);
 197   }
 198   pthread_exit(NULL);
 199 }
 200
 201 void* syncConnector(void* p )
 202 {
 203         ThreadParam* param = reinterpret_cast<ThreadParam*>(p);
 204
 205         SocketHandler h;
 206         SyncClientSocket sock(h,param->cl);
 207         //      sock.EnableSSL();
 208         sock.Open( param->connto.host, param->connto.port);
 209         h.Add(&sock);
 210         while (h.GetCount())
 211         {
 212                 h.Select();
 213         }
 214   pthread_exit(NULL);
 215 }
 216
 217 void* syncListener(void* p )
 218 {
 219         ThreadParam* param = reinterpret_cast<ThreadParam*>(p);
 220
 221         SyncSocketHandler h(param->queue);
 222         SyncListenSocket<SyncSocket,ConnectionList> l(h,param->cl);
 223
 224         if (l.Bind(gOpt.getLocalSyncPort()))
 225                 pthread_exit(NULL);
 226
 227         Utility::ResolveLocal(); // resolve local hostname
 228         h.Add(&l);
 229         h.Select(1,0);
 230         while (1) {
 231                 h.Select(1,0);
 232         }
 233 }
 234
 235 void* receiver(void* p)
 236 {
 237   ThreadParam* param = reinterpret_cast<ThreadParam*>(p);
 238
 239   std::auto_ptr<Cipher> c( CipherFactory::create(gOpt.getCipher()) );
 240 //  std::auto_ptr<AuthAlgo> a( AuthAlgoFactory::create(gOpt.getAuthAlgo()) );
 241
 242   EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH);
 243   PlainPacket plain_packet(MAX_PACKET_LENGTH);
 244
 245   Buffer session_key(u_int32_t(SESSION_KEYLEN_ENCR));             // TODO: hardcoded size
 246   Buffer session_salt(u_int32_t(SESSION_KEYLEN_SALT));            // TODO: hardcoded size
 247   Buffer session_auth_key(u_int32_t(SESSION_KEYLEN_AUTH));        // TODO: hardcoded size
 248
 249   while(1)
 250   {
 251     string remote_host;
 252     u_int16_t remote_port;
 253
 254     plain_packet.setLength(MAX_PACKET_LENGTH);
 255     encrypted_packet.setLength(MAX_PACKET_LENGTH);
 256
 257     // read packet from socket
 258     u_int32_t len = param->src.recv(encrypted_packet.getBuf(), encrypted_packet.getLength(), remote_host, remote_port);
 259     encrypted_packet.setLength(len);
 260
 261                 // TODO: check auth tag first
 262 //    conn.kd_.generate(LABEL_SATP_MSG_AUTH, encrypted_packet.getSeqNr(), session_auth_key);
 263 //    a->setKey( session_auth_key );
 264 //              if(!checkPacketAuthTag(encrypted_packet, a.get(), conn))
 265 //                      continue;
 266
 267
 268     // autodetect peer
 269     if(gOpt.getRemoteAddr() == "" && param->cl.empty())
 270                 {
 271       cLog.msg(Log::PRIO_NOTICE) << "autodetected remote host " << remote_host << ":" << remote_port;
 272                         createConnection(remote_host, remote_port, param->cl, gOpt.getSeqWindowSize(),param->queue);
 273                 }
 274
 275                 // TODO: Add multi connection support here
 276                 ConnectionParam & conn = param->cl.getConnection(0)->second;
 277
 278                 //Allow dynamic IP changes
 279                 //TODO: add command line option to turn this off
 280                 if (remote_host != conn.remote_host_ || remote_port != conn.remote_port_)
 281                 {
 282       cLog.msg(Log::PRIO_NOTICE) << "autodetected remote host ip changed " << remote_host << ":" << remote_port;
 283                         conn.remote_host_=remote_host;
 284                         conn.remote_port_=remote_port;
 285                         SyncCommand sc (param->cl,0);
 286                         param->queue.push(sc);
 287                 }
 288
 289                 // Replay Protection
 290                 if (!checkPacketSeqNr(encrypted_packet, conn))
 291                         continue;
 292
 293     // generate packet-key
 294     conn.kd_.generate(LABEL_SATP_ENCRYPTION, encrypted_packet.getSeqNr(), session_key);
 295     conn.kd_.generate(LABEL_SATP_SALT, encrypted_packet.getSeqNr(), session_salt);
 296     c->setKey(session_key);
 297     c->setSalt(session_salt);
 298
 299     // decrypt packet
 300     c->decrypt(encrypted_packet, plain_packet);
 301
 302     // check payload_type
 303     if((param->dev.getType() == TunDevice::TYPE_TUN && plain_packet.getPayloadType() != PAYLOAD_TYPE_TUN) ||
 304        (param->dev.getType() == TunDevice::TYPE_TAP && plain_packet.getPayloadType() != PAYLOAD_TYPE_TAP))
 305       continue;
 306
 307     // write it on the device
 308     param->dev.write(plain_packet.getPayload(), plain_packet.getLength());
 309   }
 310   pthread_exit(NULL);
 311 }
 312
 313 #define MIN_GCRYPT_VERSION "1.2.3"
 314 // make libgcrypt thread safe
 315 extern "C" {
 316 GCRY_THREAD_OPTION_PTHREAD_IMPL;
 317 }
 318
 319 bool initLibGCrypt()
 320 {
 321   // make libgcrypt thread safe
 322   // this must be called before any other libgcrypt call
 323   gcry_control( GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread );
 324
 325   // this must be called right after the GCRYCTL_SET_THREAD_CBS command
 326   // no other function must be called till now
 327   if( !gcry_check_version( MIN_GCRYPT_VERSION ) ) {
 328     std::cout << "initLibGCrypt: Invalid Version of libgcrypt, should be >= " << MIN_GCRYPT_VERSION << std::endl;
 329     return false;
 330   }
 331
 332   // Tell Libgcrypt that initialization has completed.
 333   gcry_error_t err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
 334   if( err ) {
 335     std::cout << "initLibGCrypt: Failed to finish the initialization of libgcrypt: " << gpg_strerror( err ) << std::endl;
 336     return false;
 337   }
 338
 339   cLog.msg(Log::PRIO_NOTICE) << "initLibGCrypt: libgcrypt init finished";
 340   return true;
 341 }
 342
 343 int main(int argc, char* argv[])
 344 {
 345   std::cout << "anytun - secure anycast tunneling protocol" << std::endl;
 346   if(!gOpt.parse(argc, argv))
 347   {
 348     gOpt.printUsage();
 349     exit(-1);
 350   }
 351   cLog.msg(Log::PRIO_NOTICE) << "anytun started...";
 352
 353   SignalController sig;
 354   sig.init();
 355   std::string dev_type(gOpt.getDevType());
 356   TunDevice dev(gOpt.getDevName().c_str(), dev_type=="" ? NULL : dev_type.c_str(), gOpt.getIfconfigParamLocal().c_str(), gOpt.getIfconfigParamRemoteNetmask().c_str());
 357
 358   PacketSource* src;
 359   if(gOpt.getLocalAddr() == "")
 360     src = new UDPPacketSource(gOpt.getLocalPort());
 361   else
 362     src = new UDPPacketSource(gOpt.getLocalAddr(), gOpt.getLocalPort());
 363
 364         ConnectionList cl;
 365         ConnectToList connect_to = gOpt.getConnectTo();
 366         SyncQueue queue;
 367
 368         if(gOpt.getRemoteAddr() != "")
 369                 createConnection(gOpt.getRemoteAddr(),gOpt.getRemotePort(),cl,gOpt.getSeqWindowSize(), queue);
 370
 371   ThreadParam p(dev, *src, cl, queue,*(new OptionConnectTo()));
 372
 373   cLog.msg(Log::PRIO_NOTICE) << "dev created (opened)";
 374   cLog.msg(Log::PRIO_NOTICE) << "dev opened - actual name is '" << p.dev.getActualName() << "'";
 375   cLog.msg(Log::PRIO_NOTICE) << "dev type is '" << p.dev.getTypeString() << "'";
 376
 377   // this must be called before any other libgcrypt call
 378   if(!initLibGCrypt())
 379     return -1;
 380
 381   pthread_t senderThread;
 382   pthread_create(&senderThread, NULL, sender, &p);
 383   pthread_t receiverThread;
 384   pthread_create(&receiverThread, NULL, receiver, &p);
 385
 386         pthread_t syncListenerThread;
 387         if ( gOpt.getLocalSyncPort())
 388                 pthread_create(&syncListenerThread, NULL, syncListener, &p);
 389
 390         std::list<pthread_t> connectThreads;
 391         for(ConnectToList::iterator it = connect_to.begin() ;it != connect_to.end(); ++it)
 392         {
 393          connectThreads.push_back(pthread_t());
 394          ThreadParam * point = new ThreadParam(dev, *src, cl, queue,*it);
 395          pthread_create(& connectThreads.back(),  NULL, syncConnector, point);
 396         }
 397
 398         int ret = sig.run();
 399
 400   pthread_cancel(senderThread);
 401   pthread_cancel(receiverThread);
 402         if ( gOpt.getLocalSyncPort())
 403           pthread_cancel(syncListenerThread);
 404         for( std::list<pthread_t>::iterator it = connectThreads.begin() ;it != connectThreads.end(); ++it)
 405                 pthread_cancel(*it);
 406
 407   pthread_join(senderThread, NULL);
 408   pthread_join(receiverThread, NULL);
 409         if ( gOpt.getLocalSyncPort())
 410           pthread_join(syncListenerThread, NULL);
 411
 412         for( std::list<pthread_t>::iterator it = connectThreads.begin() ;it != connectThreads.end(); ++it)
 413           pthread_join(*it, NULL);
 414
 415   delete src;
 416         delete &p.connto;
 417
 418   return ret;
 419 }
 420